<?php
    session_start();

    include ('includes/config.php');
    include ('includes/database.php');

    //todo : join needed to table 'profile'
    $sql = "select * FROM
            users, user_profiles  
            WHERE username ='". $_POST["username"]. 
            "' AND password='". md5($_POST["password"]).
            "' AND users.id = user_profiles.user_id";
    $result = mysql_query($sql);
    
    if ($result) {
        if (mysql_num_rows($result)) {
            // Login Succesfull
            $data = mysql_fetch_assoc($result);
            
            $_SESSION['username'] = $data["username"];
            $_SESSION['nickname'] = $data["nickname"];
            $_SESSION['name']= $data["name"];

            // Redirect
            header("location:dashboard.php");
        }
        else {
                header("location:index.php");
        }
    }
    else {
        die("Error executing query: " . mysql_error());
    }
?>
